Security Breach Update
14 June 2019

Vulnerabilities in unpatched softwareUnpatched Vulnerabilities Are a Top Threat.

Today’s cybersecurity landscape is incredibly daunting, and IT administrators have a tough job on their hands. One of their most significant tasks, according to a recent study, is patching security vulnerabilities and getting their employees to update their software.

Different organisations take unique approaches to this problem, including scanning for vulnerabilities, running simulations, and collaborating with IT providers to identify and solve possible pain points, but the challenge is throughout all sectors and among companies of all sizes.

Taken together, more than a quarter of organisations endured a data breach because of an unpatched vulnerability, highlighting their need for technical support in this area.

 Recent Breaches

Australia – PayID – Digital payment platform.

Exploit: Enumeration attack

Risk to Small Business: Severe: PayID offers its users a simple way to send and receive money, allowing them to register their phone number or email address as a payment mechanism. Unfortunately, this also allowed hackers to perpetrate an enumeration attack, which involves changing letters or numbers at random until the account is identified, revealing personal information that could be used to commit fraud. In this case, a security vulnerability will slow the proliferation of a highly-touted and convenient technology, and it underscores the importance of understanding the unique threat landscape manifesting around emerging technologies.

Risk to Exploited Individuals: Moderate: Users’ bank account numbers were not compromised in this attack, but hackers did gain access to user nicknames, email addresses, or phone numbers. PayID users should closely monitor their accounts for suspicious activity, and they need to be aware that this information can quickly spread on the Dark Web where it is fodder for fraudsters who deploy the information in a variety of ways.

Customers Impacted: 100,000

United States – Quest Diagnostics – Clinical Laboratory Company with operations in the United States, the United Kingdom, Mexico, and Brazil.

Exploit: Unauthorized system access.

Risk to Small Business: Severe:  A collection firm partnering with Quest Diagnostics encountered a data breach that directly impacted nearly 12 million of the lab’s patients. In response, Quest is partnering with a third-party cybersecurity organization to ensure proper breach notification standards are followed. Even though the event precipitated at a separate organization, Quest Diagnostics will bear the financial and reputational burden of a data breach that has compromised the most sensitive information in people’s lives: the type that is related to their health.

Risk to Exploited Individuals: Severe:  The scope of this incident is astounding, and it includes patient information, financial data, and social security numbers, along with other medical data. While test results were not included in the breach, this extensive trove of valuable information can quickly make its way to the Dark Web, and those impacted by the breach should attain the services necessary to know what happens to their information after it’s compromised.

Customers Impacted:  11.9 million

Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.

Protect your data, privacy and reputation, talk to a TCT sales team member today.

Robert Brown
14/06/2019

Follow us on LinkedIn:

Related Articles:
Office 365 users have been the target in a phishing campaign
Identity Theft is Real

Written by